Closed morro91 closed 4 years ago
Hi @morro91,
Thank you very much for your suggestion.
If you take a look to the output of winpeas.bat you can see that all the privileges that can be used to escalate privileges are mentioned just before executing whoami /all
(so the user should look for them).
I think that it is better to mention them and then print all the output of whoami /all
because more interesting things can be found in the output of that execution apart of the privileges. What do you think?
In winpeas.exe all the privileges that can be used to escalate privileges are printed in red.
ahhh must've skimmed over the output and missed that. cool cool, very nice :)
A good one for Windows privilege escalation: if they have the SeImpersonatePrivilege privilege enabled, they can get to SYSTEM access.
https://www.exploit-db.com/exploits/31667 https://hunter2.gitbook.io/darthsidious/privilege-escalation/juicy-potato https://foxglovesecurity.com/2017/08/25/abusing-token-privileges-for-windows-local-privilege-escalation/
Some very POC code below:
whoami /priv | find "Enabled" | find "SeImpersonatePrivilege" && set expl=yes
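As an added example (not code from this thread or from winPEAS itself), a small Python audit helper that parses `whoami /priv` output and flags any held privilege on a watchlist; the sample output is constructed, and every watchlist entry other than SeImpersonatePrivilege (the one named in the thread) is an assumed addition to adjust as needed:

```python
import re

# Constructed sample of `whoami /priv` output (not captured from a real host).
SAMPLE_WHOAMI_PRIV = """
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Disabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set            Disabled
"""

# Privileges an audit should call out. SeImpersonatePrivilege is the one from the
# thread; the others are an assumed watchlist, extend or trim it for your estate.
WATCHLIST = {
    "SeImpersonatePrivilege",
    "SeAssignPrimaryTokenPrivilege",
    "SeDebugPrivilege",
    "SeBackupPrivilege",
    "SeRestorePrivilege",
    "SeTakeOwnershipPrivilege",
    "SeLoadDriverPrivilege",
}

# One privilege row: name, free-text description, then the State column.
LINE_RE = re.compile(r"^(Se\w+Privilege)\s+.*?\s+(Enabled|Disabled)\s*$")

def parse_privileges(text):
    """Return {privilege_name: state} parsed from `whoami /priv` output."""
    privs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            privs[m.group(1)] = m.group(2)
    return privs

def flag_privileges(text, watchlist=WATCHLIST):
    """Return sorted (name, state) pairs for every held watchlist privilege.

    A privilege shown as Disabled is still held by the token (the process can
    switch it on with AdjustTokenPrivileges), so it is reported as well; a check
    that only greps for the word "Enabled" would not see it.
    """
    privs = parse_privileges(text)
    return sorted((n, s) for n, s in privs.items() if n in watchlist)

if __name__ == "__main__":
    for name, state in flag_privileges(SAMPLE_WHOAMI_PRIV):
        print(f"[!] {name}: {state}")
```

On a live host, feed it the real output with `subprocess.run(["whoami", "/priv"], capture_output=True, text=True).stdout` instead of the constructed sample.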